1. Field of Invention
The invention relates generally to a telecommunications security system for ascertaining the veracity of a user before providing the user with services or access to confidential information. More specifically, the invention involves an automated system for verifying the identity of a caller by posing one or more questions to the caller which relate to information that only a person having rightful access to the services or confidential information would be likely to know.
2. Background
Telecommunications have enabled business to conduct transactions and transfer information at unprecedented speeds. Tools like the telephone and the internet allow parties miles away to conduct business almost as if they were face to face. One shortcoming of conducting business in this fashion, however, is verifying that the other party is indeed who he or she claims to be. Such a verification is important if confidential information is to be revealed or valuable services are to be rendered.
Traditionally, verifying a caller's authenticity was performed by keeping private information on file that a person who has rightful access to the confidential information would be likely to know. For example, if a person called his stock broker to obtain his current balance, he may first provide a customer service representative with his account number. The representative may then ask an open-ended question relating to the private information, for example, "What is your mother's maiden name?" The representative then interprets the caller's response, and compares it with the correct answer to verify the caller's identity. If the caller responds correctly, then the representative can reasonably assume that the caller is authentic, and provide him with the requested confidential information such as an account balance, or perform a service such as transferring funds.
Although this system performs well when a person receives the call and can understand the caller's response, it does not lend itself to automation. An automated system would require sophisticated voice recognition capabilities that may be impractical and perhaps impossible. For example, many voice recognition packages require the system to "learn" the user's voice characteristics and maintain a catalog of sounds. Such extravagant measures are impractical for institutions such as banks or brokerage houses which service thousands of clients.
Therefore, an automated security system in the field of telecommunications is needed that verifies the right of a user to access certain confidential information or services without the need for sophisticated voice recognition packages. The present invention fulfills this need.
The present invention relates to a security method, apparatus and system for verifying the authenticity of a user before providing the user with a desired service or confidential information. In a process embodiment of the invention, a request is received from the user, and then a question set is fetched corresponding to the user. The question set concerns private information that a person having rightful access to the desired services should know. The question set has at least one question and a possible answer or a list of possible answers. The question is then transmitted to the user along with the possible answer(s). After receiving a response from the user, a record is made whether or not the response is correct. A correct response, for example, may correctly identify which answer is correct/incorrect from a list of possible answers, or it may indicate whether or not a possible answer is correct/incorrect. Finally, after a predetermined number of questions are transmitted to the user, a determination is made whether the number of incorrect/correct responses received from the user exceeds a certain limit. It should be understood that since correct and incorrect answers are conversely related, a determination based on one necessarily relates to a determination based on the other. The decision on which one to consider is arbitrary. If the number of incorrect responses exceeds the certain limit, then the user is refused the desired service. On the other hand, if the number does not exceed the limit, then the user is provided with the desired service.
In the preferred embodiments, the present invention employs a number of safeguards against infiltration by an imposter attempting to gain access through trial and error. First, the list of possible answers corresponding to a particular question remains substantially the same each time the question is transmitted to the user. This eliminates the ability to determine the correct answer by monitoring the possible answers and observing which one is consistently provided. Second, the question set contains a multiplicity of questions which decreases the probability of gaining entry by guessing. Third, a determination is made whether to provide or deny the desired services only after the user responds to a predetermined number of questions from the question set (preferably all of them). If the user fails to respond adequately, he is simply denied the desired service; he receives no clue as to which questions were answered correctly or incorrectly. Fourth, the system prevents a computer "hack" from repeated attempts to access the information by implementing a lock condition. In one embodiment, a lock condition results when a user responds incorrectly to a certain number of questions over a predetermined period of time. Once a lock condition is imposed, the user can no longer use the automated system to gain access to the desired services.
The present invention therefore provides a means of automatically ascertaining the authenticity of a user with a high measure of reliability and without the need for sophisticated voice recognition equipment.
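The verification process and the four safeguards described above, as an added Python example that is not part of the patent text. The limits, the class and function names, and the sample questions are assumptions chosen for illustration; `guess_pass_probability` goes slightly beyond the text by computing the guessing odds the second safeguard refers to.

```python
import time
from dataclasses import dataclass, field
MAX_WRONG = 0              # assumed per-session limit on incorrect responses
LOCK_AFTER = 3             # assumed: incorrect responses that trigger a lock
LOCK_WINDOW = 24 * 3600    # assumed "predetermined period", in seconds

@dataclass(frozen=True)
class Question:
    prompt: str
    choices: tuple         # stored once; the same list is sent on every attempt
    correct: int           # index of the right answer in choices

@dataclass
class Account:
    questions: list
    wrong_times: list = field(default_factory=list)
    locked: bool = False

def verify(account, responses, now=None):
    """Score every question (a missing response is wrong), then return one grant/deny bit."""
    now = time.time() if now is None else now
    if account.locked:
        return False
    misses = sum(1 for i, q in enumerate(account.questions)
                 if i >= len(responses) or responses[i] != q.correct)
    account.wrong_times += [now] * misses
    # Lock condition: too many incorrect responses inside the sliding window.
    account.wrong_times = [t for t in account.wrong_times if now - t <= LOCK_WINDOW]
    account.locked = len(account.wrong_times) >= LOCK_AFTER
    return misses <= MAX_WRONG   # caller learns nothing about which answers failed

def guess_pass_probability(questions, max_wrong=MAX_WRONG):
    """Chance that uniform random guessing passes a single session."""
    dist = [1.0]                                   # dist[k] = P(exactly k wrong so far)
    for q in questions:
        p_ok = 1.0 / len(q.choices)
        nxt = [0.0] * (len(dist) + 1)
        for k, p in enumerate(dist):
            nxt[k] += p * p_ok
            nxt[k + 1] += p * (1.0 - p_ok)
        dist = nxt
    return sum(dist[: max_wrong + 1])

def sample_account():  # constructed sample data, not taken from the patent
    return Account([
        Question("Mother's maiden name?", ("Adams", "Baker", "Clark", "Davis"), 2),
        Question("City of birth?", ("Akron", "Boise", "Dover", "Salem"), 0),
        Question("First employer?", ("Acme", "Globex", "Initech", "Umbrella"), 1),
    ])
```

With three four-choice questions and no misses allowed, a blind guesser passes one session in 64, and the lock condition bounds how many sessions can be attempted.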